Black Traffic Information Security.

This is just a placeholder for occasionally when I need to make a large file available for download, or odd little jobs like that. Please contact jamie AT if you have been given a link and it doesn't work. Now and then I use it to host malware in order to test web proxy filtering - you have been warned.

x509 cert with XSS in the various fields.

zip file with XSS in member name.

Hashcrack stuff

Some blog posts here, largely about password cracking at the time of writing.

The SSL configuration is done like this - using latest Debian:

SSLEngine on
SSLCertificateFile /etc/apache2/www_blacktraffic_co_uk.crt
SSLCertificateChainFile /etc/apache2/
SSLCertificateKeyFile /etc/apache2/
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression Off
Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Clacks-Overhead "GNU Terry Pratchett" suggests the following - though I suspect this may have been fixed by upgrading to latest Apache/openssl:
openssl dhparam -out dhparams.pem 2048
cat dhparams.pem >> www_blacktraffic_co_uk.crt
You may check the Qualys SSL rating of this config here (A+ at time of writing) or - using a different tool - here.

You can check what cipher suites your browser supports (and in what order) here:

Link to EICAR test file here

Hosted by - - CO2 neutral, IPv6 ready as standard. We like them.